[英]How to add AWS managed policy through CloudFormation
I want to add AWS managed policy (AmazonSSMFullAccess) to a role using CloudFormation.我想使用 CloudFormation 将 AWS 托管策略 (AmazonSSMFullAccess) 添加到角色。 I tried to use
AWS::IAM::ManagedPolicy
but it creates a Customer Managed policy and I don't want that.我尝试使用
AWS::IAM::ManagedPolicy
,但它创建了一个客户管理的策略,我不希望这样。 I want it to be AWS managed.我希望它由 AWS 托管。 Do you have any idea how can I do that?
你知道我该怎么做吗?
I am trying to add AWS managed AmazonSSMFullAccess and here is the code I am using in mu CF template:我正在尝试添加 AWS 托管的 AmazonSSMFullAccess,这是我在 mu CF 模板中使用的代码:
AmazonSSMFullAccess:
Type: AWS::IAM::ManagedPolicy
Properties:
PolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Action:
- 'cloudwatch:PutMetricData'
- 'ds:CreateComputer'
- 'ds:DescribeDirectories'
- 'ec2:DescribeInstanceStatus'
- 'logs:*'
- 'ssm:*'
- 'ec2messages:*'
Resource: '*'
- Effect: Allow
Action: 'iam:CreateServiceLinkedRole'
Resource: >-
arn:aws:iam::*:role/aws-service-role/ssm.amazonaws.com/AWSServiceRoleForAmazonSSM*
Condition:
StringLike:
'iam:AWSServiceName': ssm.amazonaws.com
- Effect: Allow
Action:
- 'iam:DeleteServiceLinkedRole'
- 'iam:GetServiceLinkedRoleDeletionStatus'
Resource: >-
arn:aws:iam::*:role/aws-service-role/ssm.amazonaws.com/AWSServiceRoleForAmazonSSM*
- Effect: Allow
Action:
- 'ssmmessages:CreateControlChannel'
- 'ssmmessages:CreateDataChannel'
- 'ssmmessages:OpenControlChannel'
- 'ssmmessages:OpenDataChannel'
Resource: '*'
You can't create AWS managed policies , because only AWS can do it.您无法创建 AWS 托管策略,因为只有 AWS 可以做到。 You, as an AWS customer can only create customer managed policies.
作为 AWS 客户,您只能创建客户托管策略。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.